In its fourth decade, the simple but powerful form of identity at the heart of every mobile phone is now bringing mobile authentication into the 21st century. We celebrate by taking a look back and explaining how SIM security can solve the fraud problems of SMS and email...
In the fast-moving world of technology, the humble SIM card is a pretty venerable piece of kit. The first SIM card was developed in 1991, by smart-card maker Giesecke & Devrient. The clue is in the name — from the very beginning, the SIM (Subscriber Identity Module) proved itself as a form of identity, having the advantage that if a device is lost or damaged, the SIM card can be removed and placed in a different one, and this usefulness spurred its meteoric growth.
Today, SIM cards are utterly ubiquitous, enabling over 7 billion devices to connect to cellular networks around the world. Growth continues to accelerate: the rise of cellular IoT and 5G networks is predicted to drive a market for SIM card manufacturers of >20 billion cellular devices by 2020.
Over the course of a similar timeframe, the mobile phone itself has evolved beyond recognition – from an unwieldy brick to a powerful personal supercomputer. New designs, technologies, platforms and even networks come and go. Yet that little core component, the SIM, remains relatively unchanged — and just as foundational to our mobile experience.
It's this classic component that is the answer to a very modern problem: how to balance identity security and usability in a mobile world. Until recently, app owners have had to make an uneasy trade-off: either offer a low fraud threshold, which means less friction but invites lots of bad actors in, or go high-security, which will deter bad actors but turn off lots of legitimate users too.
But now there's a way to have it all. By using SIM + mobile phone number as the identifier, you can offer a deterministic authentication solution that's so low-friction the user doesn't even notice it. SIM cards have the same cryptographic security as a credit card, and can be verified with certainty in real-time.
How? The user enters their mobile number, and the app communicates instantly with the MNO (mobile network operator) to verify the link between number and SIM. This ensures that the user possesses a unique physical device and isn’t a bot or fraudster. The user gets a frictionless experience, and the app can be confident that each user is a genuine individual.
We call this SIM-based authentication. It's the simple yet powerful solution at the heart of all tru.ID products, and it's the answer to SIM swap fraud.
This blog was first featured in our June 2021 newsletter. For your digest of the latest in mobile authentication, resources for developers, and insights from our founders, subscribe to The DOT from tru.ID: